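#!/bin/bash
###
 # @Description: Production example for mitigating a DDoS-like request flood
 # @Version: 2.0
 # @Autor: gang
 # @Date: 2020-09-24 13:00:58
 # @LastEditors: gang
 # @LastEditTime: 2020-09-24 13:29:09
###
#
# Usage: <script> ACCESS_LOG
#
# Every INTERVAL seconds, counts how often each value of the first
# whitespace-separated field of ACCESS_LOG occurs and adds a firewalld rich
# rule that drops IPv4 sources seen more than THRESHOLD times.
#
# Operational caveats:
#   - The count covers the whole file, not a time window, so a long-lived
#     log will eventually push ordinary clients over the threshold. Rotate
#     the log or narrow the input if that matters.
#   - The first log field must be the real peer address. If it is taken
#     from a client-supplied header, a client can cause arbitrary addresses
#     to be blocked.
#   - There is no allow-list. Monitoring hosts, reverse proxies and admin
#     networks should be excluded before this is used in production.

# No `set -e`: this is a long-running loop and one failed firewall-cmd call
# must not stop the whole monitor. Failures are handled explicitly below.
set -uo pipefail

readonly THRESHOLD=20
readonly INTERVAL=60

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Returns 0 only for a dotted-quad IPv4 address with every octet <= 255.
# The value comes from a log file and ends up inside a firewall rule, so it
# is validated instead of trusted.
is_ipv4() {
  local addr=$1 octet
  local -a octets
  [[ $addr =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  IFS=. read -r -a octets <<<"$addr"
  for octet in "${octets[@]}"; do
    (( 10#$octet <= 255 )) || return 1
  done
}

# Adds a drop rule for $1 to both the permanent and the runtime
# configuration. `--permanent` alone only edits the stored configuration and
# does not affect live traffic until a reload.
# Returns 0 if a new runtime rule was added, 1 if it already existed,
# 2 on failure.
block_ip() {
  local ip=$1
  # Double quotes so ${ip} is expanded; the original single-quoted string
  # passed the literal text ${ip} to firewall-cmd.
  local rule="rule family=ipv4 source address=\"${ip}\" drop"

  if ! firewall-cmd --permanent --query-rich-rule="$rule" >/dev/null 2>&1; then
    firewall-cmd --permanent --add-rich-rule="$rule" >/dev/null || return 2
  fi
  if firewall-cmd --query-rich-rule="$rule" >/dev/null 2>&1; then
    return 1
  fi
  firewall-cmd --add-rich-rule="$rule" >/dev/null || return 2
  return 0
}

(( $# >= 1 )) || die "Usage: ${0##*/} ACCESS_LOG"
readonly file=$1

# Private temp file instead of a fixed /tmp/tmp.log: this script runs with
# firewall privileges, and a predictable name in a world-writable directory
# can be pre-created or symlinked by another local user.
counts=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$counts"' EXIT
trap 'exit 1' INT TERM

while true; do
  if awk 'NF { print $1 }' -- "$file" | sort | uniq -c >"$counts"; then
    # NOTE(review): the drop list keeps its original location for
    # compatibility, but /tmp is world-writable. Prefer a root-owned
    # directory; the symlink test below is only a partial guard.
    drop_log="/tmp/droplist_$(date +%F).log"

    # Read from the file via a loop redirection rather than `exec <`, so the
    # script's own stdin is left alone. The file is never truncated while it
    # is being read; the original did that in its else branch, which ended
    # the scan at the first client under the threshold.
    while read -r count ip _; do
      [[ $count =~ ^[0-9]+$ ]] || continue
      (( 10#$count > THRESHOLD )) || continue

      if ! is_ipv4 "$ip"; then
        printf 'skipping non-IPv4 log field: %q\n' "$ip" >&2
        continue
      fi

      block_ip "$ip"
      case $? in
        0)
          if [[ -L $drop_log ]]; then
            printf 'refusing to write to symlink %s\n' "$drop_log" >&2
          else
            printf '%s %s is dropped\n' "$count" "$ip" >>"$drop_log"
          fi
          ;;
        1) ;; # already blocked on an earlier pass; do not log it again
        *) printf 'failed to add drop rule for %s\n' "$ip" >&2 ;;
      esac
    done <"$counts"
  else
    printf 'could not read %s; retrying in %ss\n' "$file" "$INTERVAL" >&2
  fi
  sleep "$INTERVAL"
done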
